fix: replace all ccb-repo-* and upstream GitHub clones with sg-evals mirrors

Converts 53 baseline Dockerfiles across 8 suites (design, document, fix,
secure, test, understand + 2 remaining from feature/refactor) to use
sg-evals mirrors instead of ccb-repo-* pre-built images or upstream
GitHub clones. This fixes Daytona sandbox build failures where:
- ccb-repo-* images aren't available in Daytona's registry
- Upstream GitHub clones exceed Daytona's 10GB build storage

Patterns applied:
- 49 ccb-repo-* → standard Dockerfile with sg-evals mirror clone
- 2 multi-repo (kafka-flink, k8s-containerd) → direct mirror clones
- 2 special cases (terraform worktrees, curl tag checkout) → mirror URLs

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: sjarmak

benchmarks/ccb_design/camel-routing-arch-001/environment/Dockerfile

@@ -1 +1,25 @@
-FROM ccb-repo-camel-1006f047
+FROM eclipse-temurin:17-jdk
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    curl \
+    python3 \
+    python3-pip \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN (adduser --disabled-password --gecos '' claude 2>/dev/null || true)
+
+USER claude
+WORKDIR /workspace
+RUN git clone --depth 1 https://github.com/sg-evals/camel--1006f047.git . && \
+    git config user.email "agent@example.com" && \
+    git config user.name "Agent"
+USER root
+
+RUN mkdir -p /logs/agent /logs/verifier && \
+    chown -R claude:claude /logs
+
+ENTRYPOINT []

benchmarks/ccb_design/django-modeladmin-impact-001/environment/Dockerfile

@@ -1 +1,23 @@
-FROM ccb-repo-django-674eda1c
+FROM python:3.11-slim
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    curl \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN (adduser --disabled-password --gecos '' claude 2>/dev/null || true)
+
+USER claude
+WORKDIR /workspace
+RUN git clone --depth 1 https://github.com/sg-evals/django--674eda1c.git . && \
+    git config user.email "agent@example.com" && \
+    git config user.name "Agent"
+USER root
+
+RUN mkdir -p /logs/agent /logs/verifier && \
+    chown -R claude:claude /logs
+
+ENTRYPOINT []

benchmarks/ccb_design/django-pre-validate-signal-design-001/environment/Dockerfile

@@ -1,53 +1,23 @@
-FROM ccb-repo-django-674eda1c
+FROM python:3.11-slim
 
-# Inject stale architecture doc describing deprecated SignalRegistry pattern
-RUN mkdir -p docs && cat > docs/signals_architecture.md << 'STALE_DOC'
-# Django Signal Dispatch Architecture
+ENV DEBIAN_FRONTEND=noninteractive
 
-## Signal Registration Pattern
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    curl \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
 
-Django uses a **centralized SignalRegistry** for all signal dispatch. Signals are NOT standalone
-objects — they must be registered through the registry with explicit priority ordering.
+RUN (adduser --disabled-password --gecos '' claude 2>/dev/null || true)
 
-### How to Add a New Signal
+USER claude
+WORKDIR /workspace
+RUN git clone --depth 1 https://github.com/sg-evals/django--674eda1c.git . && \
+    git config user.email "agent@example.com" && \
+    git config user.name "Agent"
+USER root
 
-1. Import `SignalRegistry` from `django.dispatch.registry`
-2. Create a signal definition dict with `name`, `providing_args`, and `priority`
-3. Register it: `SignalRegistry.register("signal_name", handler, priority=100)`
-4. Dispatch it: `SignalRegistry.dispatch("signal_name", sender=MyModel)`
+RUN mkdir -p /logs/agent /logs/verifier && \
+    chown -R claude:claude /logs
 
-### Example
-
-```python
-from django.dispatch.registry import SignalRegistry
-
-# Define and register a signal
-def my_handler(sender, **kwargs):
-    print(f"Signal from {sender}")
-
-SignalRegistry.register("pre_validate", my_handler, priority=50)
-
-# Dispatch the signal
-SignalRegistry.dispatch("pre_validate", sender=MyModel, instance=obj)
-```
-
-### Important Notes
-
-- Do NOT create `Signal()` objects directly — the registry manages all signal instances
-- Do NOT use `signal.connect()` — use `SignalRegistry.register()` instead
-- Always specify `priority` for handler ordering (lower = earlier)
-- Use `SignalRegistry.unregister("signal_name", handler)` to remove handlers
-- `providing_args` is required for all signals (list of argument names)
-
-### Common Model Signals (Pre-registered)
-
-All model signals are pre-registered in `SignalRegistry` with these priorities:
-- pre_save: priority=10
-- post_save: priority=20
-- pre_delete: priority=30
-- post_delete: priority=40
-
-To add a new model signal, register it with the appropriate priority in the model signals module.
-STALE_DOC
-
-RUN git add docs/signals_architecture.md && git commit -m "Add signals architecture documentation" --quiet
+ENTRYPOINT []

benchmarks/ccb_design/django-rate-limit-design-001/environment/Dockerfile

@@ -1,60 +1,23 @@
-FROM ccb-repo-django-674eda1c
+FROM python:3.11-slim
 
-# Inject stale architecture document that describes WRONG middleware pattern
-# This simulates enterprise reality: outdated docs that contradict actual code
-RUN mkdir -p docs && cat > docs/architecture.md << 'STALE_DOC'
-# Django Middleware Architecture
+ENV DEBIAN_FRONTEND=noninteractive
 
-## Middleware Registration Pattern
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    curl \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
 
-Django middleware uses a **class-based registry pattern**. All middleware classes must be registered
-through the central `MiddlewareRegistry` before they can process requests.
+RUN (adduser --disabled-password --gecos '' claude 2>/dev/null || true)
 
-### How to Add New Middleware
+USER claude
+WORKDIR /workspace
+RUN git clone --depth 1 https://github.com/sg-evals/django--674eda1c.git . && \
+    git config user.email "agent@example.com" && \
+    git config user.name "Agent"
+USER root
 
-1. Create your middleware class inheriting from `BaseMiddleware`
-2. Implement the `process(self, request)` method (NOT `__call__`)
-3. Register it using `MiddlewareRegistry.register(YourMiddleware, priority=50)`
-4. Unregister with `MiddlewareRegistry.unregister(YourMiddleware)`
+RUN mkdir -p /logs/agent /logs/verifier && \
+    chown -R claude:claude /logs
 
-### Example
-
-```python
-from django.core.middleware import BaseMiddleware, MiddlewareRegistry
-
-class MyMiddleware(BaseMiddleware):
-    priority = 50
-
-    def process(self, request):
-        # Handle the request
-        response = self.next(request)
-        return response
-
-    @classmethod
-    def setup(cls):
-        """Called once when middleware is registered."""
-        pass
-
-# Register the middleware
-MiddlewareRegistry.register(MyMiddleware)
-```
-
-### Important Notes
-
-- Never use `__init__` with `get_response` — the registry handles chaining automatically
-- Never use `__call__` — use `process()` instead
-- Always set `priority` class attribute for ordering
-- Use `self.next(request)` instead of `self.get_response(request)`
-
-### Settings
-
-Middleware is NOT configured in `settings.MIDDLEWARE` list. Instead, middleware auto-discovers
-via the registry. The `MIDDLEWARE` setting is deprecated and will be removed.
-
-### State Management
-
-Use `MiddlewareRegistry.get_state(key)` and `MiddlewareRegistry.set_state(key, value)`
-for shared state between middleware instances. Never use instance variables for request tracking.
-STALE_DOC
-
-RUN git add docs/architecture.md && git commit -m "Add architecture documentation" --quiet
+ENTRYPOINT []

benchmarks/ccb_design/etcd-grpc-api-upgrade-001/environment/Dockerfile

@@ -1,26 +1,30 @@
-# etcd-grpc-api-upgrade-001 — multi-repo baseline
-# Repos cloned into /ccb_crossrepo/src/ to match verifier expectations.
-FROM ccb-repo-etcd-d89978e8 AS etcd-src
-FROM ccb-repo-k8s-8c9c67c0 AS k8s-src
-FROM ccb-repo-containerd-317286ac AS containerd-src
+FROM ubuntu:22.04
 
-FROM golang:1.23-bookworm
+ENV DEBIAN_FRONTEND=noninteractive
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
     git \
-    curl \
-    python3 \
     ca-certificates \
+    python3 \
+    curl \
     && rm -rf /var/lib/apt/lists/*
 
 RUN mkdir -p /ccb_crossrepo/src
-COPY --from=etcd-src /workspace /ccb_crossrepo/src/etcd
-COPY --from=k8s-src /workspace /ccb_crossrepo/src/kubernetes
-COPY --from=containerd-src /workspace /ccb_crossrepo/src/containerd
+
+RUN git clone --depth 1 https://github.com/sg-evals/etcd--d89978e8.git /ccb_crossrepo/src/etcd
+RUN git clone --depth 1 https://github.com/sg-evals/kubernetes--8c9c67c0.git /ccb_crossrepo/src/kubernetes
+RUN git clone --depth 1 https://github.com/sg-evals/containerd--317286ac.git /ccb_crossrepo/src/containerd
+
+RUN (adduser --disabled-password --gecos '' claude 2>/dev/null || true)
 
 WORKDIR /workspace
 
 RUN git init && \
     git config user.email "agent@example.com" && \
     git config user.name "Agent" && \
     git config --global safe.directory '*'
+
+RUN mkdir -p /logs/agent /logs/verifier && \
+    chown -R claude:claude /workspace /logs /ccb_crossrepo
+
+ENTRYPOINT []

benchmarks/ccb_design/flink-checkpoint-arch-001/environment/Dockerfile

@@ -1 +1,25 @@
-FROM ccb-repo-flink-0cc95fcc
+FROM eclipse-temurin:17-jdk
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    curl \
+    python3 \
+    python3-pip \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN (adduser --disabled-password --gecos '' claude 2>/dev/null || true)
+
+USER claude
+WORKDIR /workspace
+RUN git clone --depth 1 https://github.com/sg-evals/flink--0cc95fcc.git . && \
+    git config user.email "agent@example.com" && \
+    git config user.name "Agent"
+USER root
+
+RUN mkdir -p /logs/agent /logs/verifier && \
+    chown -R claude:claude /logs
+
+ENTRYPOINT []

benchmarks/ccb_design/flipt-protobuf-metadata-design-001/environment/Dockerfile

@@ -1 +1,23 @@
-FROM ccb-repo-flipt-3d5a345f
+FROM golang:1.23-bookworm
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    curl \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN (adduser --disabled-password --gecos '' claude 2>/dev/null || true)
+
+USER claude
+WORKDIR /workspace
+RUN git clone --depth 1 https://github.com/sg-evals/flipt--3d5a345f.git . && \
+    git config user.email "agent@example.com" && \
+    git config user.name "Agent"
+USER root
+
+RUN mkdir -p /logs/agent /logs/verifier && \
+    chown -R claude:claude /logs
+
+ENTRYPOINT []

benchmarks/ccb_design/flipt-transitive-deps-001/environment/Dockerfile

@@ -1 +1,23 @@
-FROM ccb-repo-flipt-3d5a345f
+FROM golang:1.23-bookworm
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    curl \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN (adduser --disabled-password --gecos '' claude 2>/dev/null || true)
+
+USER claude
+WORKDIR /workspace
+RUN git clone --depth 1 https://github.com/sg-evals/flipt--3d5a345f.git . && \
+    git config user.email "agent@example.com" && \
+    git config user.name "Agent"
+USER root
+
+RUN mkdir -p /logs/agent /logs/verifier && \
+    chown -R claude:claude /logs
+
+ENTRYPOINT []

benchmarks/ccb_design/k8s-crd-lifecycle-arch-001/environment/Dockerfile

@@ -1 +1,25 @@
-FROM ccb-repo-k8s-11602f08
+FROM golang:1.23-bookworm
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    curl \
+    python3 \
+    python3-pip \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN (adduser --disabled-password --gecos '' claude 2>/dev/null || true)
+
+USER claude
+WORKDIR /workspace
+RUN git clone --depth 1 https://github.com/sg-evals/kubernetes--11602f08.git . && \
+    git config user.email "agent@example.com" && \
+    git config user.name "Agent"
+USER root
+
+RUN mkdir -p /logs/agent /logs/verifier && \
+    chown -R claude:claude /logs
+
+ENTRYPOINT []

benchmarks/ccb_design/k8s-scheduler-arch-001/environment/Dockerfile

@@ -1 +1,25 @@
-FROM ccb-repo-k8s-11602f08
+FROM golang:1.23-bookworm
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    curl \
+    python3 \
+    python3-pip \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN (adduser --disabled-password --gecos '' claude 2>/dev/null || true)
+
+USER claude
+WORKDIR /workspace
+RUN git clone --depth 1 https://github.com/sg-evals/kubernetes--11602f08.git . && \
+    git config user.email "agent@example.com" && \
+    git config user.name "Agent"
+USER root
+
+RUN mkdir -p /logs/agent /logs/verifier && \
+    chown -R claude:claude /logs
+
+ENTRYPOINT []